authorPeter Jones <pjones@redhat.com>2006-08-22 20:17:49 +0000
committerPeter Jones <pjones@redhat.com>2006-08-22 20:17:49 +0000
commit359c4c2b29d4be0c3456d92ca908da0bc0497089 (patch)
treed0db7a3b56efb5e7abb8f3d741f5bc2eac38754c /isys/auditd.c
parent1b7cfd62f906f882c9ebe84822643298c883220b (diff)
- add a simple audit daemon
Diffstat (limited to 'isys/auditd.c')
-rw-r--r--isys/auditd.c133
1 files changed, 133 insertions, 0 deletions
diff --git a/isys/auditd.c b/isys/auditd.c
new file mode 100644
index 000000000..b4a203870
--- /dev/null
+++ b/isys/auditd.c
@@ -0,0 +1,133 @@
+/*
+ * auditd.c
+ *
+ * This is a simple audit daemon that throws all messages away.
+ *
+ * Peter Jones <pjones@redhat.com>
+ *
+ * Copyright 2006 Red Hat, Inc.
+ *
+ * This software may be freely redistributed under the terms of the GNU
+ * General Public License, version 2.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define _GNU_SOURCE 1
+
+#include <sys/types.h>
+#include <sys/syscall.h>
+#include <sys/poll.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libaudit.h>
+
+#include "auditd.h"
+
+#ifdef USESELINUX
+static int done;
+
+static void sig_done(int sig)
+{
+ done = 1;
+}
+
+static void do_auditd(int fd) {
+ struct auditd_reply_list *rep = NULL;
+ sigset_t sigs;
+ struct sigaction sa;
+ struct pollfd pds = {
+ .events = POLLIN | POLLPRI | POLLERR | POLLHUP | POLLMSG,
+ .revents = 0,
+ .fd = fd,
+ };
+
+ if (audit_set_pid(fd, getpid(), WAIT_YES) < 0)
+ return;
+
+ if (audit_set_enabled(fd, 1) < 0)
+ return;
+
+ memset(&sa, '\0', sizeof (sa));
+ sa.sa_handler = sig_done;
+ sigaction(SIGTERM, &sa, NULL);
+ sigaction(SIGINT, &sa, NULL);
+ sigaction(SIGHUP, &sa, NULL);
+
+ sigfillset(&sigs);
+ sigdelset(&sigs, SIGTERM);
+ sigdelset(&sigs, SIGINT);
+ sigdelset(&sigs, SIGHUP);
+
+ while (1) {
+ struct timespec timeout = { -1, -1 };
+ int retval;
+
+ if (rep == NULL) {
+ if (!(rep = calloc(1, sizeof (*rep))))
+ return;
+ }
+
+ do {
+ retval = ppoll(&pds, 1, &timeout, &sigs);
+ } while (retval == -1 && errno == EINTR && !done);
+
+ if (done)
+ break;
+
+ if (audit_get_reply(fd, &rep->reply, GET_REPLY_NONBLOCKING, 0) > 0) {
+ /* we don't actually want to do anything here. */
+ ;
+ }
+ }
+ return;
+}
+#endif /* USESELINUX */
+
+int audit_daemonize(void) {
+#ifdef USESELINUX
+ int fd;
+#ifndef STANDALONE
+ int i;
+ pid_t child;
+
+ if ((child = fork()) > 0)
+ return 0;
+
+ for (i = 0; i < getdtablesize(); i++)
+ close(i);
+
+ setsid();
+ signal(SIGTTOU, SIG_IGN);
+ signal(SIGTTIN, SIG_IGN);
+ signal(SIGTSTP, SIG_IGN);
+
+ if ((fd = open("/proc/self/oom_adj", O_RDWR)) >= 0) {
+ i = write(fd, "-17", 3);
+ close(fd);
+ }
+
+#endif /* !defined(STANDALONE) */
+ fd = audit_open();
+ do_auditd(fd);
+ audit_close(fd);
+#endif /* USESELINUX */
+ return 0;
+}
+
+#ifdef STANDALONE
+int main(void) {
+ return audit_daemonize();
+}
+#endif /* STANDALONE */
+
+/*
+ * vim:ts=8:sw=4:sts=4:et
+ */
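Review bot: In audit_daemonize(), the non-STANDALONE path lets the forked child fall out of the function: once do_auditd() returns (a signal, or a failed audit_set_pid()/audit_set_enabled()/calloc()), the child runs `return 0` and resumes the caller's code as a second copy of the calling process with every descriptor closed. The child should terminate instead, for example with `_exit(0);` after `audit_close(fd);` inside an `#ifndef STANDALONE` guard. The `fork()` test also only handles `> 0`, so a failed fork (-1) sends the original process down the close-all-descriptors daemon path; adding `if (child < 0) return -1;` before the close loop avoids that. Separately, `done` is written from sig_done() and read in the poll loop, so it should be declared `static volatile sig_atomic_t done;`, and the descriptor from `audit_open()` is passed on without checking for a negative value.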